
US and European energy companies penetrated by hackers in cyber-attack

A number of US and European energy companies have been penetrated by a group of sophisticated hackers in a cyber espionage campaign. The cyber-attack successfully infiltrated some of the core systems that control the firms' operations, according to reports from researchers at security firm Symantec.

It was disclosed in a report compiled by Symantec that malicious e-mail campaigns were utilized in order to gain entry into organizations located in the US, Turkey and Switzerland. The cyber-attacks began in late 2015, but have steadily increased in frequency since April this year.

Eric Chien, a cybersecurity researcher at Symantec, has claimed that the attacks bear a resemblance to those of a foreign government, and believes that the infamous hacking group 'Dragonfly' may be responsible for the attacks.

This latest cybersecurity attack only serves to heighten the growing concern being expressed in relation to security amongst industrial firms, power providers and others that are susceptible to these types of cyber-attacks.

The US government issued a warning to industrial firms about the risk of hacking campaigns targeting the nuclear energy sector, and appealed for them to remain cautious and be on high alert in relation to any suspicious activity. They told companies that hackers had sent phishing e-mails in an attempt to retrieve credentials required to gain access to targeted networks.

It has been confirmed that dozens of companies have been targeted and that a handful of them, including in the US, had been compromised on an 'operational level'. According to Symantec researcher Chien, that level of access meant that the attackers' motivation was the only step left preventing sabotage of the power grid.

Some US researchers have been quick to express their doubts over the findings of the report issued by Symantec. Robert M. Lee, founder of the US critical infrastructure, conceded that while the attacks were alarming and troubling, the hackers were still far from the level of being able to turn off the lights. He declared that there was no need for 'alarmism', and added that the connection to Dragonfly was loose, suggesting there was a lack of evidence to back up the allegations.

Dragonfly was active from 2011-2014, but it went dormant after several cyber firms published research which exposed its attacks. The group has always been closely associated with the Russian government, with many security experts expressing their belief that the group has close ties to the Russians.

Symantec stopped short of naming Russia in its report, but noted that the attackers used code strings that were in Russian. Other code used French, Symantec said, suggesting the attackers may be attempting to make it more difficult to identify them.